Application of AS8015: Tip No. 2 Applying the model

"directors should direct the preparation and implementation of policies and plans"

According to AS8015, "Polices, should establish sound behaviour in the use of ICT." The policy needs to ensure that the way ICT is used by the organisation, doesn't breach legal and regulatory requirements or adversely affect the reputation or other interests of the organisation.

Directors need to ensure policies and procedures are not only developed but are integrated into the everyday business operations, which involve the use of ICT. Examples, of ICT use that policies and procedures need to cover include:

Record Keeping - when correspondence is via e-mail

Security of Information - how widely particular documents may be circulated

Business Continuity - in the event of the destruction of a particular site, can the organisation continue to operate

Dissemination of Information - is information on website accurate

Privacy - appropriate use and access to employees email

Today, websites and email are being used to do business. This has elimated paper quotes, invoices and receipts. However, records of these still need to be kept in order to comply with Taxation requirements. There is no silver bullet solution to this problem. It needs a conscious action by the recipient of the email to "file" the email, for retrieval later.

The use of organisational resources, such as Internet Surfing, Telephone and Email for personal purposes such as contact with family and friends, needs to be covered by policies to ensure that the organisation does have legal access to what could be perceived to be the employees personal information.

Business Continuity plans, like fire drills, need to be tested and practiced to ensure that people are able to fulfil their roles and gaps are identified. These plans need to be based on a risk analysis and be addressed accordingly. The likelyhood of an event occurring, the financial and human cost of a contingency plan needs to be balanced against the benefits.